Modernizing forms at KTH : Using Digital Signatures

Engström, Pontus

January 2016

Today both government agencies and companies struggle to keep up with the pace of the continuous change of technology. With all new technology there are benefits, but new problems might also occur. Implementing new technology for certain tasks may increase both efficiency and security, resulting in a more sustainable work environment. One technology that is increasingly adopted is digital signatures. Instead of using classical handwritten signatures on documents, a digital signature can be more time efficient and have higher security. In order to implement a digital signature technology some security aspects must be addressed and certain properties ensured. In the document signature process, each time an individual verifies a signature attached onto a document a log entry is created. This log contains information about who verified which document, does it have multiple parts that have been signed, does it need multiple signatures in order to be valid, and at what time and date was the document signed. Logs help to ensure the validity of the document and thereby increase the security provided by the digital signatures. At KTH, a student must sign an application form with a regular ink-written signature to start a thesis project. This process can in most cases delay the start up to two weeks. This study aims to implement digital signatures for one specific form, an application form for a thesis project. The hypothesis at the start of the project was that the use of digital signature would decrease the time of waiting significantly. Personnel at KTH using digital signature would facilitate their work efficiency, due to less printing and archiving of papers as well fewer meetings. This study will provide the reader with the necessary fundamental knowledge of cryptography and how digital signatures use this underlying technology. The methodology used in this study was to identify and modify certain software settings, as well collect data from students and personnel at KTH. The collected data was based on time measurements of digital signature processes from students and a faculty member. The results show digital signatures are faster than the current signing process with traditional ink-written signatures. Additionally, the use of digital signatures is expected to reduce the need for printing, transport, and sorting of paper documents. The resulting reduction in use of physical paper should provide environmental benefits. / Dagens myndigheter och företag har det svårt att ständigt följa den tekniska utvecklingen. Ny teknik skapar oftast nya fördelar och andra förmåner men kan ibland också orsaka problem. Att implementera ny teknik för specifika ändamål kan öka både effektivitet och säkerhet, vilket resulterar i en mer effektiv arbetsplats. En teknik som introduceras allt mer på sistone är digitala signaturer. Istället för att signera dokument med en handskriven signatur kan en digital signatur vara mer tidseffektiv och ha en högre säkerhet. För att implementera tekniken bakom digitala signaturer måste särskilda säkerhetsaspekter adresseras och specifika inställningar säkerställas. I signaturprocessen måste varje individ verifiera signaturen som är bifogad på dokumentet, denna verifiering skapar även en logg. En logg innehåller bland annat information om vem som verifierade dokumentet, om dokumentet har fler än en bifogad signatur, behöver dokumentet fler signaturer för att vara giltigt och vilken tid och datum var dokumentet signerat. En logg säkerställer validiteten av dokumentet och ökar därmed säkerheten för digitala signaturer. På KTH krävs en skriftlig ansökan för att påbörja ett examensarbete. Med nuvarande process kan det i vissa fall leda till en försenad projektstart med upp till två veckor. Den här studien syftar till att implementera digitala signaturer för ett specifikt formulär, en ansökningsblankett för att påbörja ett examensarbete. Hypotesen vid projektstart var att användning av digitala signaturer skulle kunna förminska väntetiden signifikant. Anställda på KTH som utnyttjar digitala signaturer skulle kunna förbättra deras arbetseffektivitet på grund av färre pappersutskrifter, mindre pappersarkivering och färre möten. Den här studien kommer att förse läsaren med de mest nödvändiga kunskaperna av kryptografi och hur digitala signaturer använder krypteringsfenomenet. Metodiken som användes syftade till att identifiera och modifiera specifika mjukvaruinställningar samt samla in data från studenter och personal på KTH. Den insamlade datan baserades på tidsmätningar av digitala signatursprocesser från studenter, studievägledare och handledare. Resultatet från studien visade att digitala signaturer skulle ge en snabbare signeringsprocess än nuvarande formulär. Det kan dessutom förväntas att med digitala signaturer skulle pappersutskrifter, papperstransporter och sortering av dessa dokument reduceras. Resultatet av minskad användning av fysiskt papper kommer att generera arbetsfördelar.

Authentication

cryptography

digital signature

digital certificate

X.509

Adobe Acrobat

LDAP

application form

Autentisering

kryptografi

digitala signaturer

digitala certifikat

X.509

Adobe Acrobat

LDAP

ansökningsblankett

Communication Systems

Kommunikationssystem

Servicio para la generación de firma digital y autenticación electrónica usando los certificados digitales contenidos en el DNI electrónico

Vega Caspa, Jessica Carmen, Portugal Vargas, Paulo Cesar

12 June 2021

El presente proyecto de tesis “SERVICIO PARA LA GENERACIÓN DE FIRMA DIGITAL Y AUTENTICACIÓN ELECTRÓNICA USANDO LOS CERTIFICADOS DIGITALES CONTENIDOS EN EL DNI ELECTRÓNICO” busca el desarrollo de un servicio que permita la generación de firma digital de los documentos PDF para que tengan el mismo valor legal que una firma manuscrita, así como también la autenticación electrónica para el ingreso a las aplicaciones web. Este servicio permitirá usar los certificados digitales contenidos en el DNI electrónico del Perú cumpliendo la normativa legal vigente y se podrá integrar de manera fácil, rápida y sencilla a cualquier aplicación web existente o nueva. Para realizar lo antes mencionado, se implementará un servicio para la generación de firma digital, tomando como base lo establecido en la guía de acreditación de aplicaciones de software del INDECOPI, que detalla los requerimientos funcionales que debe de cumplir una aplicación de software de clave pública, el cual interactúa con el DNI electrónico. Parte de estos requerimientos serán también implementados en el servicio de autenticación electrónica, de esta manera se va a asegurar que el servicio cumpla con los requerimientos necesarios para realizar las operaciones de firma digital y autenticación electrónica haciendo uso de los certificados digitales contenidos en el DNI electrónico. La implementación de la solución propuesta contará con el desarrollo de aplicaciones de PC que se ejecutarán en las computadoras, además el desarrollo de aplicaciones web que se conectarán a estas aplicaciones de PC y también se contará con una aplicación web de mantenimiento que gestionará la autorización del uso del servicio. / This thesis project "SERVICE OF GENERATION OF DIGITAL SIGNATURE AND ELECTRONIC AUTHENTICATION USING THE DIGITAL CERTIFICATES CONTAINED IN THE ELECTRONIC DNI” searches the development of a service that allows the generation of digital signature of the PDF documents, so that they have the same legal value as a handwritten signature as well as electronic authentication to enter to web applications. This service will allow the use of the digital certificates contained in the electronic DNI of the Peru complying with current legal regulations and might be integrated easily, quickly, and simply to any existing or new web application. To do the before mentioned, it will be implemented a service for the generation of digital signature, based on what is established in the guide of accreditation of software applications of INDECOPI, which details the functional requirements that must comply with a public key software application, which interacts with the electronic DNI. Part of these requirements will also be implemented in the service of electronic authentication. This way, it will be ensured that the service complies with the necessary requirements to perform the operations of digital signature and electronic authentication by using digital certificates contained in the electronic DNI. The implementation of the proposed solution will include the development of PC applications that will run on computers. Furthermore, the development of web applications that will connect to these PC applications, and there will also be a web application of maintenance that will manage the authorization of the use of the service. / Tesis

Firma digital

Autenticación electrónica

DNI electrónico

Certificado digital

Cero papel

Transformación digital

Digital signature

Electronic authentication

Electronic DNI

Digital certificate

Zero paper

Digital transformation

Návrh bezpečnostní infrastruktury elektronického archivu / Design of security infrastructure for electronic archive

Doležel, Radek

January 2009

This master's thesis deals with design of security infrastructure for electronic archive. In theoretical part is disscus about technical resources which are based on security services and protocols and methods which are used for protection. On basics of theoretical part is designed model of security infrastructure and it is built in laboratory. Model of security infrastructure is based on Open Source Software and as safety storages for private user authentication data are used cryptographic USB tokens. This master's thesis includes design and construction of real infrastructure of secured electronic archive. In each part of master's thesis is put main emphases on security and clear explanation from the beginning of desing of model of security infrastructure for electronic archive to finish of construction.

IC卡應用發展趨勢之研究

徐核朋, hsu,Hopeng

Unknown Date

隨著IC卡的使用，它正深深地影響著我們的未來生活方式，其應用發展趨勢也是值得我們重視的課題。本研究主要從「IC智慧卡成為主流的資訊載具」、「我國內政部、衛生署、交通部及財政部等中央各部，對IC卡之應用發展各擁管轄範圍且各自發展」、「民間業者各自引進或發行電子現金儲值卡」等三方面，說明其可能造成的結果及相關重要課題，以作為本研究之動機。 本研究從我國IC卡應用發展相關文獻中，搜集和本研究主題較相關者，提出IC卡票證整合、IC卡安全整合機制及IC卡規模經濟等值得研究課題，以作為進行IC卡應用發展趨勢研究之參考。 對於IC卡目前應用發展現況，本研究主要說明政府推動國民卡的沿革、政府推動自然人憑證的沿革、政府推動健保IC卡沿革及交通IC票卡目前應用發展，以利了解我國IC卡目前應用發展現況。 針對交通IC票卡，本研究說明北、中、南各地區電子票證IC智慧卡應用發展，包括悠遊卡、台中ｅ卡通、Taiwan Money Card等，後續說明IC票卡規格發展及交通IC票卡系統架構發展，以更深入了解交通IC票卡目前應用發展現況。 本研究針對IC卡應用發展問題，進行更深入的分析，主要論述面向，包括技術面(IC卡規格、IC卡系統架構) 、法令面(IC卡法令規定)、經營管理面(含IC卡管理組織、發行、經營模式)等方面，以發掘問題，分析問題及提出解決策略。 本研究針對所提出之解決策略，予以聚焦，以提出更關鍵的解決策略，包括：(一)技術面：1.建立IC卡共同憑證。2.建立IC卡安全認證。3.建立IC卡整合架構。(二)法律面：1.修改銀行法及交通運輸相關法規中不合IC卡現有運作之規定。2.增訂電子票證法規。(三)經營管理面：1.建立規模經濟發卡量。2.建立IC卡發卡機構經營模式。 3.建立憑證認證機構公信力。4.建立IC卡資訊交換中心。 本研究針對三個構面，提出核心解決策略為「一卡通用」及其整體解決架構及實施步驟，且對整體解決策略之構想方案，提出IC卡卡片規格整合矩陣架構圖，以找出更為適當的IC卡規格方案，該矩陣架構圖，以「共同憑證一卡整合」及「多憑證一卡整合」二構面為縱軸，及「IC卡規格中不存放各類別資料」和「IC卡規格中存放各類別資料」二構面為橫軸，提出四種IC卡片規格整合架構，並列出其優缺點，經研析後，本研究建議初期以具有共同憑證及各類別憑證但不存放各類別資料之架構，作為一卡通用整合規格初期架構，稱為「IC卡共同多憑證不存放各類別資料一卡整合」，最後本研究提出長期一卡通用願景，以「IC卡共同憑證不存放各類別資料一卡整合」為目標。 本研究之結論為：1.我國各類別IC卡規格各行其道，未有整合前瞻性。2.各產業IC卡系統運作架構未整合，導致我們卡滿為患。3.IC卡應用發展於法律面應積極訂定「交通運輸業電子票證法」。4.「非銀行不得發行現金儲值卡」已超越母法規定應修法。5.IC票卡發行機構透過銀行發卡可享有發卡權利金等商機。6.建立IC票卡資訊中心作為全台IC票卡整合運作中心。7.IC票卡業者透過整合可增加發卡量，共創雙贏。8.IC卡於技術面應發展整合技術，以達成一卡通用目標。9.IC卡一卡通用宜建立IC卡資訊交換中心及憑證整合認證中心。10.IC卡一卡通用宜建立整體解決架構之實施步驟。11.IC卡一卡通用卡片規格整合可建立矩陣架構圖，以利分析。12.IC卡一卡通用共同憑證之運作於技術上為可行方案。 最後建議未來可持續探討之課題：1.IC卡一卡通用宜建立認證API(Application Programming Interface)程式介面及標準作業程序。2.IC卡一卡通用宜建立憑證整合認證中心及資訊中心之經營模式。3.IC卡一卡通用宜評估對IC卡產業及憑證認證產業之衝擊。 / A study of trends in the applications and developments of IC cards The IC card is being used widely and it will deeply affect our future living mode. Therefore, trends in its applications and developments have become important subjects of study. This research explores the possible outcome and related important subjects for the utilization of IC card, based on the following three propositions. 1. The IC card is one of the modern world’s primary information media. 2. Government units such as the Ministry of the Interior, the Ministry of Transportation and Communications, the Ministry of Finance ROC, the Department of Health and the Executive Yuan ROC all have jurisdiction over the development and control of development and potential applications of the IC card. 3. Private enterprises have introduced or developed electronic cash-stored cards. The information related to the research subject was collected from the relevant literatures in regard to the applications and developments of IC card in Taiwan, presenting the current safety and integration mechanism of IC ticket cards and the economical magnitude of IC card use, which are both topics that should be taken into consideration in the study of the applications and developments of IC cards. Based on the current situation of the applications and developments for IC cards, the main purpose of this research is to show the evolution of IC cards promoted by the our government, including National Card, Citizen Digital Certificate IC Card, National Health Insurance IC Card, as well as current applications and developments of the Transportation IC Card, in order to help understand the current situation for the applications and developments for existing IC cards in Taiwan. In the Transportation sector, this research shows the applications and developments of various IC smart cards in north, central and south Taiwan, i.e. Easy Card, Taichung e-Cartoon Ticket Card and Taiwan Money Card. It also shows the development of the specification for IC Ticket Cards as well as the development of Transportation IC Cards’ systematic infrastructure, in order to help understand the present situation for the applications and developments of a Transportation IC Card. This research is an analysis of IC card’s applications and developments, covering technical issues (specification and systematic framework of IC card), legislation issues (laws and regulations for IC Card), management issues (operation and administration, release and business model for IC cards), so as to discover and analyze the possible problems as well as propose solutions. Focusing on strategies for finding solutions, presenting more critical strategies for IC Cards, consisting of: 1. Technical: (1) To establish a common certificate (2) To establish safety authentication (3) To establish integration infrastructure 2. Legislation: (1) To revise the Banking Law as well as the laws and regulations relating to public transportation, which are not suitable for the existing operations (2) To revise and augment the laws and regulations for electronic tickets 3. Management: (1) To establish an economic circulation of scale (2) To establish the management pattern for card-issuing organization (3) To establish public credibility for a certificate authentication organization (4) To establish information interchange center To consolidate the above-mentioned three areas, this research proposes a core strategic solution – the concept of “one card for common use (All-in-One Card)” along with integrated solution scheme and operation steps. In addition, for an overall solution strategic plan, in this research it also presents a matrix composition for the integration of specifications to discover a more applicable specification scheme for the IC card. The matrix composition is proposed in four types of framework of specification integration with a file of advantages/disadvantages, based on the concept of X, Y coordinate system – X axis being “One Card integrated with Common Certificate” and “One Card integrated with Multi-Certificates”, Y axis being “No data deposited in the IC card specification” and “All sorts of data deposited in the IC the card specification”. Through detailed research and analysis, it is suggested that at the primary stage, to create the “One card for common use” with an integration of “Common Certificate and Multi-Certificates but no data depositing in the IC card specification”, which is called “One card with common and multi-certificates but no any data deposited in the specification.” The long-term goal will be to achieve “One card with common certificate only and no data deposited in the card specification” for long-term use. Conclusions: 1. In this country, various IC cards have their own specifications and there is still no prospect for integration. 2. The IC card system being used by different industries is still not being integrated, so the market is full of different IC cards. 3. The enactment of the “law on electronic tickets” should be pursued more vigorously for the IC card applications and developments. 4. The stipulation of “A non-bank may not issue a stored value card” might have overtaken the stipulation of “Banking Act”. It should be amended. 5. So long as the IC Ticket Card agency issues IC cards through a bank, the agency will possess the business opportunity of charging the bank a card-issuing fee. 6. To establish an IC Ticket Card information center to integrate the operation of the many IC ticket cards using in Taiwan area. 7. It will be a win-win situation, if IC ticket card operations can be integrated, and this will increase card-issuing quantity as well. 8. On the technical front, integration technology for IC cards should be developed in order to achieve the goal of an “All-in-One Card”. 9. An “IC Card Information Interchange Center” and an “Authentication Center of Certificate Integration” for the “All-in-One Card” should be established. 10. A standardized operational procedure should be established for an overall solution to the “All-in-One IC Card”. 11. The integration of the specifications of the “All-in-One IC Card” can be done through a matrix composition to assist analysis. 12. Technically, an “All-in-One IC Card” with “Common Certificate” is a feasible plan. In the end, this research also offers suggestion on valuable topics that can be the subject of continued discussion in the future: 1. “All-in-One IC Cards” should have an authentication with API (Application Programming Interface) program as well as a standard operational procedure. 2. A business model for “IC Card Information Center” and “Authentication Center of Certificate Integration” should be established. 3. An evaluation of the impact on the IC card industry and the certificate authentication industry should be made.

IC卡

智慧卡

IC智慧卡

IC卡整合

IC票卡整合

IC卡規格

IC票卡規格

一卡通用

矩陣架構圖

憑證

經營模式

憑證認證

共同憑證

憑證整合認證中心

產業衝擊

國民卡

自然人憑證

健保IC卡

悠遊卡

台中e卡

現金儲值卡

電子票證

電子票證法

多憑證

IC Card

Intellectual Card

IC Intellectual Card

IC Card integration

IC ticket Card integration

IC Card specification

IC Ticket Card specification

All-in-One Card

one card for common use

Matrix Composition

Certificate

Management pattern

Business model

Certificate Authentication

Common Certificate

Industrial impact

National Card

Citizen Digital Certificate IC Card

National Health Insurance IC Card

Easy Card

Taichung e-Cartoon Card

Taiwan Money Card

Cash-stored Card

Electronic Ticket

Regulations for Electronic Ticket